Testing out talos provider for config patches

2025-09-28 22:00:55 -07:00 · 2025-09-28 22:00:55 -07:00 · 5d6d21108f
commit 5d6d21108f
parent ee03c3b5b7
2 changed files with 50 additions and 14 deletions
--- a/control_plane/main.tf
+++ b/control_plane/main.tf
@ -8,6 +8,9 @@ terraform {
  }
 }

+provider "talos" {
+  # Configuration options
+}

 # Load variables from a .tfvars file
 variable "cluster_name" {
@ -91,22 +94,55 @@ resource "null_resource" "talos_cluster" {
  }
 }

-resource "null_resource" "talos_cluster_patches" {
-  depends_on = [null_resource.talos_cluster]
-  triggers = {
-    patches_hash  = filesha1("${path.module}/patches/controlplane-patch.yaml")
-  }
+resource "talos_machine_secrets" "this" {}

-  provisioner "local-exec" {
-    command = <<EOT
-      # Apply ONLY your custom patches (not the full config)
-      talosctl patch machineconfig \
-        --patch-file patches/controlplane-patch.yaml \
-        --nodes 10.5.0.2
-    EOT
-  }
+data "talos_machine_configuration" "this" {
+  cluster_name     = "${var.cluster_name}"
+  machine_type     = "controlplane"
+  cluster_endpoint = "https://10.5.0.0:6443"
+  machine_secrets  = talos_machine_secrets.this.machine_secrets
 }

+data "talos_client_configuration" "this" {
+  cluster_name         = "example-cluster"
+  client_configuration = talos_machine_secrets.this.client_configuration
+  nodes                = ["10.5.0.2"]
+}
+
+resource "talos_machine_configuration_apply" "this" {
+  client_configuration        = talos_machine_secrets.this.client_configuration
+  machine_configuration_input = data.talos_machine_configuration.this.machine_configuration
+  node                        = "10.5.0.2"
+  config_patches = [
+    yamlencode({
+      cluster = {
+        apiServer = {
+          certSANs = [
+            "- 10.5.0.1"
+          ]
+        }
+      }
+    })
+  ]
+}
+
+# resource "null_resource" "talos_cluster_patches" {
+#   depends_on = [null_resource.talos_cluster]
+#   triggers = {
+#     patches_hash  = filesha1("${path.module}/patches/controlplane-patch.yaml")
+#   }
+
+#   provisioner "local-exec" {
+#     command = <<EOT
+#       # Apply ONLY your custom patches (not the full config)
+#       talosctl patch machineconfig \
+#         --patch-file patches/controlplane-patch.yaml \
+#         --nodes 10.5.0.2 \
+#         --mode reboot
+#     EOT
+#   }
+# }
+
 output "next_steps" {
  value = <<EOT
 After applying:
--- a/control_plane/patches/controlplane-patch.yaml
+++ b/control_plane/patches/controlplane-patch.yaml
@ -1,4 +1,4 @@
 cluster:
  apiServer:
    certSANs:
-      - 10.5.0.1
+      - 10.5.0.2